Updated account status text in brute force password discovery scripts in an effort to make the reporting more consistent across all scripts. This will have an impact on any code that parses these values.

In the case of a few of these scripts the only thing that was updated was the example text as the scripts relied on the creds library which handles the strings internally.
2025-12-28 02:19:04 +00:00 · 2011-09-11 12:13:13 +00:00
parent 1c92c03401
commit 035ae9e9b1
19 changed files with 77 additions and 68 deletions
--- a/scripts/mysql-brute.nse
+++ b/scripts/mysql-brute.nse
@@ -6,8 +6,8 @@ Performs password guessing against MySQL
 -- @output
 -- 3306/tcp open  mysql
 -- | mysql-brute:  
-- |   root:<empty> => Login Correct
-- |_  test:test => Login Correct
+-- |   root:<empty> => Valid credentials
+-- |_  test:test => Valid credentials

 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -23,6 +23,7 @@ stdnse.silent_require 'openssl'
 -- Created 01/15/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
 -- Revised 01/23/2010 - v0.2 - revised by Patrik Karlsson, changed username, password loop, added credential storage for other mysql scripts, added timelimit
 -- Revised 01/23/2010 - v0.3 - revised by Patrik Karlsson, fixed bug showing account passwords detected twice
+-- Revised 09/09/2011 - v0.4 - revised by Tom Sellers, changed account status text to be more consistent with other *-brute scripts

 portrule = shortport.port_or_service(3306, "mysql")

@@ -60,7 +61,7 @@ action = function( host, port )
 				end	
 				nmap.registry.mysqlusers[username]=password
 				
-				table.insert( valid_accounts, string.format("%s:%s => Login Correct", username, password:len()>0 and password or "<empty>" ) )
+				table.insert( valid_accounts, string.format("%s:%s => Valid credentials", username, password:len()>0 and password or "<empty>" ) )
 				break
 			end